Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/4/326130353a646663353a32643a3a2f34382d3438203d3e20323033303639.roa
File:                     326130353a646663353a32643a3a2f34382d3438203d3e20323033303639.roa (raw, json)
Hash identifier:          OEZl376DrCsFU7qtJ3NW3IzAON94CZp87OVz26yHiJk=
Subject key identifier:   F3:EF:45:EF:0E:56:02:B4:4D:E9:38:6D:3F:F5:E9:AA:D8:1E:5D:16
Certificate issuer:       /CN=847138B5401830B89B52403C777718BB40B2B6B5
Certificate serial:       64DC3277B7118E537074E2C0976151EDC2676EE6
Authority key identifier: 84:71:38:B5:40:18:30:B8:9B:52:40:3C:77:77:18:BB:40:B2:B6:B5
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/847138B5401830B89B52403C777718BB40B2B6B5.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/4/326130353a646663353a32643a3a2f34382d3438203d3e20323033303639.roa
Signing time:             Fri 20 Jan 2023 16:33:49 +0000
ROA not before:           Fri 20 Jan 2023 16:28:49 +0000
ROA not after:            Fri 19 Jan 2024 16:33:49 +0000
asID:                     203069
IP address blocks:        2a05:dfc5:2d::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:dc:32:77:b7:11:8e:53:70:74:e2:c0:97:61:51:ed:c2:67:6e:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=847138B5401830B89B52403C777718BB40B2B6B5
        Validity
            Not Before: Jan 20 16:28:49 2023 GMT
            Not After : Jan 19 16:33:49 2024 GMT
        Subject: CN=F3EF45EF0E5602B44DE9386D3FF5E9AAD81E5D16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:9b:e6:37:34:c6:85:3b:f3:ce:d5:76:84:ca:
                    36:6d:17:b3:de:ce:cf:83:5b:3c:87:d9:51:35:a6:
                    2f:87:3c:5a:1c:dc:1f:c7:f3:d2:cb:b5:f7:dd:3d:
                    a7:24:da:c6:ef:a7:7b:e9:b9:a1:dc:f0:fc:87:f5:
                    c6:67:53:f1:cf:35:37:60:b7:33:53:25:ae:1f:f1:
                    9a:0e:3b:ed:55:13:16:55:a5:3e:59:d4:fc:47:64:
                    17:ea:ae:2d:02:b7:37:ef:cf:38:23:75:a8:46:23:
                    aa:c4:37:c4:fe:8b:ce:5d:16:bf:fb:2c:00:3d:37:
                    51:4a:f5:91:01:26:2a:37:c8:b3:15:ec:08:01:0b:
                    59:33:4d:d6:84:f3:38:50:dd:74:1f:28:6b:57:a5:
                    58:83:dc:9a:e9:be:02:0f:f2:b0:f6:51:f4:d4:4c:
                    89:a5:e8:2d:c3:c8:08:60:d9:8e:64:bd:59:88:fc:
                    63:79:68:ca:4a:da:bd:d9:7c:94:7b:50:03:4a:24:
                    68:24:9d:fa:b5:7e:1c:55:af:2c:bf:eb:6d:08:77:
                    8d:9a:2c:eb:80:5a:77:c9:57:f9:aa:21:b0:79:83:
                    ee:3b:30:2c:0f:08:39:3a:c4:86:b6:7f:8d:f7:0a:
                    4c:3c:89:cc:d6:9b:9f:92:0f:c5:0d:c9:5f:5a:75:
                    18:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:EF:45:EF:0E:56:02:B4:4D:E9:38:6D:3F:F5:E9:AA:D8:1E:5D:16
            X509v3 Authority Key Identifier:
                keyid:84:71:38:B5:40:18:30:B8:9B:52:40:3C:77:77:18:BB:40:B2:B6:B5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/4/847138B5401830B89B52403C777718BB40B2B6B5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/847138B5401830B89B52403C777718BB40B2B6B5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/4/326130353a646663353a32643a3a2f34382d3438203d3e20323033303639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc5:2d::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:42:66:86:91:0f:5f:e0:c6:f7:66:15:c5:c8:22:83:04:91:
         1a:fa:83:5d:15:4c:98:6f:f2:45:5a:c6:1c:5e:69:8e:51:6e:
         cc:79:6b:24:49:f1:63:6f:a1:c9:e4:f8:51:b2:89:b2:0d:f3:
         8a:c1:1b:e0:19:27:d3:a9:12:65:b2:73:06:81:01:02:ef:e9:
         8e:e9:83:f3:6a:4c:1e:09:f7:cf:47:56:e1:4d:86:4a:51:61:
         9c:0a:0c:ab:01:c0:0f:86:4e:5b:61:e8:9b:ab:64:70:0f:c0:
         b7:49:88:8e:6b:97:43:c6:60:c5:c9:98:df:15:b0:fa:fa:29:
         a9:6a:41:cb:cd:f8:60:13:a7:75:7a:33:9b:cf:ea:8a:46:4b:
         d1:c1:57:a8:c9:64:86:78:8e:4a:a9:32:f3:5e:b5:33:8a:f8:
         9b:77:97:5d:85:05:4d:7c:a0:a9:58:4d:0f:ea:b1:82:c3:2c:
         9e:b1:e1:12:2a:aa:da:c6:9b:34:75:d5:8d:1e:77:16:c7:4b:
         45:63:12:e3:93:4a:62:55:9d:5e:93:81:26:cd:d6:51:60:52:
         27:93:06:10:65:07:d7:8a:ae:14:2b:94:40:84:05:17:c3:6f:
         a1:bb:a7:6e:dc:d0:b0:67:2f:56:ba:2e:48:f4:0c:08:77:ec:
         99:f0:fa:16
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIUZNwyd7cRjlNwdOLAl2FR7cJnbuYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODQ3MTM4QjU0MDE4MzBCODlCNTI0MDNDNzc3NzE4QkI0
MEIyQjZCNTAeFw0yMzAxMjAxNjI4NDlaFw0yNDAxMTkxNjMzNDlaMDMxMTAvBgNV
BAMTKEYzRUY0NUVGMEU1NjAyQjQ0REU5Mzg2RDNGRjVFOUFBRDgxRTVEMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTm+Y3NMaFO/PO1XaEyjZtF7Pe
zs+DWzyH2VE1pi+HPFoc3B/H89LLtffdPack2sbvp3vpuaHc8PyH9cZnU/HPNTdg
tzNTJa4f8ZoOO+1VExZVpT5Z1PxHZBfqri0CtzfvzzgjdahGI6rEN8T+i85dFr/7
LAA9N1FK9ZEBJio3yLMV7AgBC1kzTdaE8zhQ3XQfKGtXpViD3JrpvgIP8rD2UfTU
TIml6C3DyAhg2Y5kvVmI/GN5aMpK2r3ZfJR7UANKJGgknfq1fhxVryy/620Id42a
LOuAWnfJV/mqIbB5g+47MCwPCDk6xIa2f433Ckw8iczWm5+SD8UNyV9adRj/AgMB
AAGjggJ2MIICcjAdBgNVHQ4EFgQU8+9F7w5WArRN6ThtP/XpqtgeXRYwHwYDVR0j
BBgwFoAUhHE4tUAYMLibUkA8d3cYu0CytrUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWJmOGU5NzctNzI3OC00NmNmLWFiZDEtOTljZDFmZDJi
ZTRlLzQvODQ3MTM4QjU0MDE4MzBCODlCNTI0MDNDNzc3NzE4QkI0MEIyQjZCNS5j
cmwwgZMGCCsGAQUFBwEBBIGGMIGDMIGABggrBgEFBQcwAoZ0cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRmODUwZDA2M2UwMTg1NzU1
YzkxYmUzZjlkLzIvODQ3MTM4QjU0MDE4MzBCODlCNTI0MDNDNzc3NzE4QkI0MEIy
QjZCNS5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWJmOGU5Nzct
NzI3OC00NmNmLWFiZDEtOTljZDFmZDJiZTRlLzQvMzI2MTMwMzUzYTY0NjY2MzM1
M2EzMjY0M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMDMzMzAzNjM5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAKgXfxQAtMA0GCSqGSIb3DQEBCwUAA4IBAQCPQmaGkQ9f4Mb3ZhXFyCKD
BJEa+oNdFUyYb/JFWsYcXmmOUW7MeWskSfFjb6HJ5PhRsomyDfOKwRvgGSfTqRJl
snMGgQEC7+mO6YPzakweCffPR1bhTYZKUWGcCgyrAcAPhk5bYeibq2RwD8C3SYiO
a5dDxmDFyZjfFbD6+impakHLzfhgE6d1ejObz+qKRkvRwVeoyWSGeI5KqTLzXrUz
ivibd5ddhQVNfKCpWE0P6rGCwyyeseESKqraxps0ddWNHncWx0tFYxLjk0piVZ1e
k4EmzdZRYFInkwYQZQfXiq4UK5RAhAUXw2+hu6du3NCwZy9Wui5I9AwId+yZ8PoW
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:56 2024 by rpki-client on console-ams.rpki-client.org